permit 0.9.0

Files changed (42) hide show
  1. data/.gitignore +5 -0
  2. data/.yardopts +3 -0
  3. data/MIT-LICENSE +20 -0
  4. data/README.mkd +238 -0
  5. data/Rakefile +69 -0
  6. data/VERSION.yml +5 -0
  7. data/generators/permit/USAGE +40 -0
  8. data/generators/permit/permit_generator.rb +25 -0
  9. data/generators/permit/templates/authorization.rb +2 -0
  10. data/generators/permit/templates/initializer.rb +37 -0
  11. data/generators/permit/templates/migration.rb +28 -0
  12. data/generators/permit/templates/role.rb +2 -0
  13. data/init.rb +1 -0
  14. data/install.rb +1 -0
  15. data/lib/models/association.rb +89 -0
  16. data/lib/models/authorizable.rb +31 -0
  17. data/lib/models/authorization.rb +54 -0
  18. data/lib/models/person.rb +148 -0
  19. data/lib/models/role.rb +59 -0
  20. data/lib/permit/controller.rb +132 -0
  21. data/lib/permit/permit_rule.rb +198 -0
  22. data/lib/permit/permit_rules.rb +141 -0
  23. data/lib/permit/support.rb +67 -0
  24. data/lib/permit.rb +134 -0
  25. data/permit.gemspec +91 -0
  26. data/rails/init.rb +7 -0
  27. data/spec/models/alternate_models_spec.rb +54 -0
  28. data/spec/models/authorizable_spec.rb +78 -0
  29. data/spec/models/authorization_spec.rb +77 -0
  30. data/spec/models/person_spec.rb +278 -0
  31. data/spec/models/role_spec.rb +121 -0
  32. data/spec/permit/controller_spec.rb +308 -0
  33. data/spec/permit/permit_rule_spec.rb +452 -0
  34. data/spec/permit/permit_rules_spec.rb +273 -0
  35. data/spec/permit_spec.rb +58 -0
  36. data/spec/spec_helper.rb +73 -0
  37. data/spec/support/helpers.rb +13 -0
  38. data/spec/support/models.rb +38 -0
  39. data/spec/support/permits_controller.rb +7 -0
  40. data/tasks/permit_tasks.rake +4 -0
  41. data/uninstall.rb +1 -0
  42. metadata +107 -0
@@ -0,0 +1,273 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+ include Permit
3
+
4
+ module Permit::Specs
5
+ describe PermitRules do
6
+ describe "#initialize" do
7
+ it "should have an empty hash for allow rules" do
8
+ rules = PermitRules.new nil
9
+ rules.action_allow_rules.should == {}
10
+ end
11
+
12
+ it "should have an empty hash for deny rules" do
13
+ rules = PermitRules.new nil
14
+ rules.action_deny_rules.should == {}
15
+ end
16
+
17
+ it "should set the logger" do
18
+ rules = PermitRules.new "some logger"
19
+ rules.logger.should == "some logger"
20
+ end
21
+
22
+ it "should set the options" do
23
+ rules = PermitRules.new nil, :default_access => :allow
24
+ rules.options[:default_access].should == :allow
25
+ end
26
+ end
27
+
28
+ describe "#allow" do
29
+ before do
30
+ @rules = PermitRules.new nil
31
+ end
32
+
33
+ it "should raise an error with no action" do
34
+ lambda {
35
+ @rules.allow :admin
36
+ }.should raise_error(PermitConfigurationError, "At least one action must be given to authorize access for.")
37
+
38
+ lambda {
39
+ @rules.allow :admin, :to => nil
40
+ }.should raise_error(PermitConfigurationError, "At least one action must be given to authorize access for.")
41
+ end
42
+
43
+ it "should raise an error if multiple actions are given with :all" do
44
+ lambda {
45
+ @rules.allow :admin, :to => [:all, :show]
46
+ }.should raise_error(PermitConfigurationError, "If :all is specified for :to/:from then no other actions may be given.")
47
+ end
48
+
49
+ it "should accept one action" do
50
+ r = @rules.allow :admin, :to => :show
51
+ @rules.action_allow_rules.should have(1).item
52
+ @rules.action_allow_rules[:show].should have(1).item
53
+ @rules.action_allow_rules[:show][0].should == r
54
+ end
55
+
56
+ it "should accept multiple actions" do
57
+ r = @rules.allow :admin, :to => [:show, :index]
58
+ @rules.action_allow_rules.should have(2).items
59
+ @rules.action_allow_rules[:show].should have(1).item
60
+ @rules.action_allow_rules[:show][0].should == r
61
+ @rules.action_allow_rules[:index].should have(1).item
62
+ @rules.action_allow_rules[:index][0].should == r
63
+ end
64
+
65
+ it "should expand alias :read" do
66
+ r = @rules.allow :admin, :to => :read
67
+ @rules.action_allow_rules[:show].should have(1).item
68
+ @rules.action_allow_rules[:show][0].should == r
69
+ @rules.action_allow_rules[:index].should have(1).item
70
+ @rules.action_allow_rules[:index][0].should == r
71
+ end
72
+
73
+ it "should expand aliases" do
74
+ {
75
+ :create => [:new, :create],
76
+ :update => [:edit, :update],
77
+ :destroy => [:delete, :destroy],
78
+ :read => [:index, :show],
79
+ :write => [:new, :create, :edit, :update]
80
+ }.each do |alias_action, actions|
81
+ rules = PermitRules.new nil
82
+ r = rules.allow :admin, :to => alias_action
83
+ actions.each do |action|
84
+ rules.action_allow_rules[action].should have(1).item
85
+ rules.action_allow_rules[action][0].should == r
86
+ end
87
+ end
88
+ end
89
+
90
+ it "should not have multiple entries for the same action" do
91
+ r = @rules.allow :admin, :to => [:show, :index, :show]
92
+ @rules.action_allow_rules[:show].should have(1).item
93
+ @rules.action_allow_rules[:show][0].should == r
94
+ @rules.action_allow_rules[:index].should have(1).item
95
+ @rules.action_allow_rules[:index][0].should == r
96
+ end
97
+
98
+ it "should not have nil actions" do
99
+ r = @rules.allow :admin, :to => [:new, nil]
100
+ @rules.action_allow_rules[:new].should have(1).item
101
+ @rules.action_allow_rules[:new][0].should == r
102
+ end
103
+ end
104
+
105
+ describe "#deny" do
106
+ before do
107
+ @rules = PermitRules.new nil
108
+ end
109
+
110
+ it "should raise an error with no action" do
111
+ lambda {
112
+ @rules.deny :admin
113
+ }.should raise_error(PermitConfigurationError, "At least one action must be given to authorize access for.")
114
+
115
+ lambda {
116
+ @rules.deny :admin, :from => nil
117
+ }.should raise_error(PermitConfigurationError, "At least one action must be given to authorize access for.")
118
+ end
119
+
120
+ it "should raise an error if multiple actions are given with :all" do
121
+ lambda {
122
+ @rules.deny :admin, :from => [:all, :show]
123
+ }.should raise_error(PermitConfigurationError, "If :all is specified for :to/:from then no other actions may be given.")
124
+ end
125
+
126
+ it "should accept one action" do
127
+ r = @rules.deny :admin, :from => :show
128
+ @rules.action_deny_rules.should have(1).item
129
+ @rules.action_deny_rules[:show].should have(1).item
130
+ @rules.action_deny_rules[:show][0].should == r
131
+ end
132
+
133
+ it "should accept multiple actions" do
134
+ r = @rules.deny :admin, :from => [:show, :index]
135
+ @rules.action_deny_rules.should have(2).items
136
+ @rules.action_deny_rules[:show].should have(1).item
137
+ @rules.action_deny_rules[:show][0].should == r
138
+ @rules.action_deny_rules[:index].should have(1).item
139
+ @rules.action_deny_rules[:index][0].should == r
140
+ end
141
+
142
+ it "should expand alias :read" do
143
+ r = @rules.deny :admin, :from => :read
144
+ @rules.action_deny_rules[:show].should have(1).item
145
+ @rules.action_deny_rules[:show][0].should == r
146
+ @rules.action_deny_rules[:index].should have(1).item
147
+ @rules.action_deny_rules[:index][0].should == r
148
+ end
149
+
150
+ it "should expand aliases" do
151
+ {
152
+ :create => [:new, :create],
153
+ :update => [:edit, :update],
154
+ :destroy => [:delete, :destroy],
155
+ :read => [:index, :show],
156
+ :write => [:new, :create, :edit, :update]
157
+ }.each do |alias_action, actions|
158
+ rules = PermitRules.new nil
159
+ r = rules.deny :admin, :from => alias_action
160
+ actions.each do |action|
161
+ rules.action_deny_rules[action].should have(1).item
162
+ rules.action_deny_rules[action][0].should == r
163
+ end
164
+ end
165
+ end
166
+
167
+ it "should not have multiple entries for the same action" do
168
+ r = @rules.deny :admin, :from => [:show, :index, :show]
169
+ @rules.action_deny_rules[:show].should have(1).item
170
+ @rules.action_deny_rules[:show][0].should == r
171
+ @rules.action_deny_rules[:index].should have(1).item
172
+ @rules.action_deny_rules[:index][0].should == r
173
+ end
174
+
175
+ it "should not have nil actions" do
176
+ r = @rules.deny :admin, :from => [:new, nil]
177
+ @rules.action_deny_rules[:new].should have(1).item
178
+ @rules.action_deny_rules[:new][0].should == r
179
+ end
180
+ end
181
+
182
+ describe "#permitted?" do
183
+ before do
184
+ @logger = mock("logger")
185
+ @logger.stub!(:info).and_return(nil)
186
+ end
187
+
188
+ context "for deny rules" do
189
+ before do
190
+ @rules = PermitRules.new @logger, :default_access => :allow
191
+ end
192
+
193
+ describe "when a person matches an :all actions deny rule" do
194
+ it "should return false" do
195
+ @rules.deny :everyone, :from => :delete
196
+ @rules.deny :everyone, :from => :all
197
+ @rules.permitted?(Guest.new, :delete, binding).should be_false
198
+ end
199
+ end
200
+
201
+ describe "when a person matches a deny rule" do
202
+ it "should return false" do
203
+ @rules.deny :everyone, :from => :show
204
+ @rules.permitted?(Guest.new, :show, binding).should be_false
205
+ end
206
+ end
207
+
208
+ describe "when a person matches a deny and an allow rule" do
209
+ it "should return false" do
210
+ @rules.allow :everyone, :to => :create
211
+ @rules.deny :everyone, :from => :create
212
+ @rules.permitted?(Guest.new, :create, binding).should be_false
213
+ end
214
+ end
215
+ end
216
+
217
+ context "for allow rules" do
218
+ before do
219
+ @rules = PermitRules.new @logger
220
+ end
221
+
222
+ describe "when a person matches an :all actions allow rule" do
223
+ it "should return true" do
224
+ @rules.allow :everyone, :to => :all
225
+ @rules.permitted?(Guest.new, :index, binding).should be_true
226
+ end
227
+ end
228
+
229
+ describe "when a person matches an allow rule" do
230
+ it "should return true" do
231
+ @rules.allow :everyone, :to => :new
232
+ @rules.permitted?(Guest.new, :new, binding).should be_true
233
+ end
234
+ end
235
+ end
236
+
237
+
238
+ describe "when a person doesn't match any rules" do
239
+ before {@default = Permit::Config.default_access}
240
+
241
+ describe "and the :default_access option is not set" do
242
+ it "should return false if Permit::Config#default_access is not set to :allow" do
243
+ Permit::Config.default_access = :deny
244
+ rules = PermitRules.new @logger
245
+ rules.permitted?(Guest.new, :show, binding).should be_false
246
+ end
247
+
248
+ it "should return true if Permit::Config#default_access is set to :allow" do
249
+ Permit::Config.default_access = :allow
250
+ rules = PermitRules.new @logger
251
+ rules.permitted?(Guest.new, :show, binding).should be_true
252
+ end
253
+ end
254
+
255
+ describe "and the :default_access option is set" do
256
+ it "should return true if the option is set to :allow" do
257
+ Permit::Config.default_access = :deny
258
+ rules = PermitRules.new @logger, :default_access => :allow
259
+ rules.permitted?(Guest.new, :index, binding).should be_true
260
+ end
261
+
262
+ it "should return false if the option is not set to :allow" do
263
+ Permit::Config.default_access = :allow
264
+ rules = PermitRules.new @logger, :default_access => :deny
265
+ rules.permitted?(Guest.new, :index, binding).should be_false
266
+ end
267
+ end
268
+
269
+ after {Permit::Config.default_access = @default}
270
+ end
271
+ end
272
+ end
273
+ end
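Review bot: The default-access examples at the end of `#permitted?` only exercise the two valid values, so the example named "should return false if the option is not set to :allow" never checks that an unrecognised value fails closed. Because this fallback decides access whenever no rule matches, an extra example such as `rules = PermitRules.new @logger, :default_access => :alow` followed by `rules.permitted?(Guest.new, :index, binding).should be_false` would pin that a misspelt option cannot silently open access. The deny-over-allow example in "for deny rules" likewise runs only with `:default_access => :allow`; repeating it with the default would show that precedence does not depend on the fallback. How PermitRules treats unknown values is not visible in this hunk, so the expected result should be confirmed against lib/permit/permit_rules.rb.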
@@ -0,0 +1,58 @@
1
+ require File.dirname(__FILE__) + '/spec_helper'
2
+
3
+ describe Permit::Config do
4
+ describe "defaults" do
5
+ it "controller_subject_method should default to nil" do
6
+ Permit::Config.controller_subject_method.should be_nil
7
+ end
8
+
9
+ it "default_access should be :deny" do
10
+ Permit::Config.default_access.should == :deny
11
+ end
12
+ end
13
+
14
+ describe "#set_core_models" do
15
+ before :all do
16
+ @auth = Permit::Config.authorization_class
17
+ @person = Permit::Config.person_class
18
+ @role = Permit::Config.role_class
19
+ end
20
+
21
+ it "should set the class variables" do
22
+ Permit::Config.set_core_models(Permit::Specs::Authorization, Permit::Specs::Person, Permit::Specs::Role)
23
+ Permit::Config.authorization_class.should be(Permit::Specs::Authorization)
24
+ Permit::Config.person_class.should be(Permit::Specs::Person)
25
+ Permit::Config.role_class.should be(Permit::Specs::Role)
26
+ end
27
+
28
+ it "should setup the permit_* methods on the models" do
29
+ Permit::Specs::Authorization.should_receive(:permit_authorization)
30
+ Permit::Specs::Person.should_receive(:permit_person)
31
+ Permit::Specs::Role.should_receive(:permit_role)
32
+ Permit::Config.set_core_models(Permit::Specs::Authorization, Permit::Specs::Person, Permit::Specs::Role)
33
+ end
34
+
35
+ after :all do
36
+ Permit::Config.set_core_models(@auth, @person, @role)
37
+ end
38
+ end
39
+
40
+ describe "#reset_core_models" do
41
+ before :all do
42
+ @auth = Permit::Config.authorization_class
43
+ @person = Permit::Config.person_class
44
+ @role = Permit::Config.role_class
45
+ end
46
+
47
+ it "should reset the core model classes" do
48
+ Object.should_receive(:const_get).with("Permit::Specs::Authorization").and_return(Permit::Specs::Authorization)
49
+ Object.should_receive(:const_get).with("Permit::Specs::Person").and_return(Permit::Specs::Person)
50
+ Object.should_receive(:const_get).with("Permit::Specs::Role").and_return(Permit::Specs::Role)
51
+ Permit::Config.reset_core_models
52
+ end
53
+
54
+ after :all do
55
+ Permit::Config.set_core_models(@auth, @person, @role)
56
+ end
57
+ end
58
+ end
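Review bot: The `#reset_core_models` example replaces `Object.const_get` with message expectations, so it proves only that three lookups are attempted. It never checks that the real lookup resolves the namespaced names or that the configured classes end up correct. Adding `Permit::Config.authorization_class.should be(Permit::Specs::Authorization)` after the call, with the matching lines for `person_class` and `role_class`, would check the outcome and not just the call sequence. Ruby versions before 2.0 do not accept a `::`-qualified string in `Object.const_get`, so the mock may be hiding a real resolution failure; the implementation is outside this hunk and should be checked.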
@@ -0,0 +1,73 @@
1
+ begin
2
+ require File.dirname(__FILE__) + '/../../../../spec/spec_helper'
3
+ rescue LoadError => e
4
+ puts e
5
+ puts "You need to install rspec in your base app"
6
+ exit
7
+ end
8
+
9
+ ActiveRecord::Schema.verbose = false
10
+
11
+ begin
12
+ ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
13
+ rescue ArgumentError
14
+ ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
15
+ end
16
+
17
+ ActiveRecord::Schema.define(:version => 1) do
18
+ create_table :roles do |t|
19
+ t.string :key, :name, :description
20
+ t.boolean :requires_resource, :authorize_resource, :null => false, :default => true
21
+ end
22
+
23
+ create_table :people do |t|
24
+ t.string :name
25
+ end
26
+
27
+ create_table :projects do |t|
28
+ t.string :name
29
+ t.integer :owner_id
30
+ end
31
+
32
+ create_table :teams do |t|
33
+ t.string :name
34
+ end
35
+
36
+ create_table :people_teams, :id => false do |t|
37
+ t.integer :person_id, :team_id
38
+ end
39
+
40
+ create_table :projects_teams, :id => false do |t|
41
+ t.integer :project_id, :team_id
42
+ end
43
+
44
+ create_table :authorizations do |t|
45
+ t.integer :person_id, :role_id, :null => false
46
+ t.string :resource_type
47
+ t.integer :resource_id
48
+ t.timestamps
49
+ end
50
+
51
+ create_table :users do |t|
52
+ t.string :name
53
+ end
54
+
55
+ create_table :jobs do |t|
56
+ t.string :key, :name, :description
57
+ t.boolean :requires_resource, :authorize_resource, :null => false, :default => true
58
+ end
59
+
60
+ create_table :entitlements do |t|
61
+ t.integer :user_id, :job_id, :null => false
62
+ t.string :resource_type
63
+ t.integer :resource_id
64
+ t.timestamps
65
+ end
66
+
67
+ end
68
+
69
+ require File.dirname(__FILE__) + "/support/models"
70
+ require File.dirname(__FILE__) + "/support/permits_controller"
71
+ require File.dirname(__FILE__) + "/support/helpers"
72
+
73
+ Permit::Config.set_core_models(Permit::Specs::Authorization, Permit::Specs::Person, Permit::Specs::Role) #unless Permit::Config.models_defined?
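Review bot: The `rescue LoadError` branch at the top calls bare `exit`, which ends the process with status 0. A run where the host application's spec_helper could not be loaded therefore reports success even though no authorization spec was executed. `abort "You need to install rspec in your base app"` (or `exit 1`) would make the failure visible to whatever runs the suite. The trailing `#unless Permit::Config.models_defined?` on the last line is commented-out code with no explanation and should be removed or given a reason.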
@@ -0,0 +1,13 @@
1
+ include Permit
2
+
3
+ def new_authz(person, key, resource = :default)
4
+ role = Permit::Specs::Role.find_by_key key.to_s
5
+ role ||= Permit::Specs::Role.create :key => key.to_s, :name => key.to_s
6
+ resource = (resource == :default ? Permit::Specs::Project.find_or_create_by_name("test project") : resource)
7
+ a = Permit::Specs::Authorization.create! :person => person, :role => role, :resource => resource
8
+ end
9
+
10
+ def role(key, name = nil)
11
+ r = Permit::Specs::Role.find_by_key key.to_s
12
+ r ? r : Permit::Specs::Role.create!(:key => key.to_s, :name => (name ? name : key.to_s))
13
+ end
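Review bot: `new_authz` creates a missing role with the non-raising `Role.create`, while the `role` helper below it uses `create!`. A role that fails validation would presumably surface later as a confusing Authorization error instead of at the point of creation. Using `role ||= Permit::Specs::Role.create!(:key => key.to_s, :name => key.to_s)` keeps the two helpers consistent. The `a =` assignment on the last line of `new_authz` is unused. The top-level `include Permit` also mixes the module into Object for every spec that loads this file.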
@@ -0,0 +1,38 @@
1
+ # models include Permit::Specs so that they will prefer spec models to
2
+ # identically named models in main app.
3
+ module Permit::Specs
4
+ class Person < ActiveRecord::Base
5
+ include Permit::Specs
6
+
7
+ has_and_belongs_to_many :teams
8
+
9
+ def guest?
10
+ new_record?
11
+ end
12
+ end
13
+
14
+ class Guest
15
+ def guest?
16
+ true
17
+ end
18
+ end
19
+
20
+ class Role < ActiveRecord::Base
21
+ include Permit::Specs
22
+
23
+ end
24
+
25
+ class Authorization < ActiveRecord::Base
26
+ include Permit::Specs
27
+ end
28
+
29
+ class Project < ActiveRecord::Base
30
+ include Permit::Specs
31
+ permit_authorizable
32
+ end
33
+
34
+ class Team < ActiveRecord::Base
35
+ include Permit::Specs
36
+ permit_authorizable
37
+ end
38
+ end
@@ -0,0 +1,7 @@
1
+ class PermitsController < ActionController::Base
2
+ include Permit
3
+
4
+ def current_person
5
+
6
+ end
7
+ end
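Review bot: `current_person` has an empty body and so returns nil, and nothing in the file says whether that is deliberate. A one-line comment inside the method would help, for example `# Intentionally empty: returns nil unless a spec stubs it.` Whether the controller specs stub this method is not visible in this hunk and should be confirmed against spec/permit/controller_spec.rb.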
@@ -0,0 +1,4 @@
1
+ # desc "Explaining what the task does"
2
+ # task :permit do
3
+ # # Task goes here
4
+ # end
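--- a/data/uninstall.rb
+++ b/data/uninstall.rb
@@ -0,0 +1 @@
+# Uninstall hook code here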
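--- a/metadata
+++ b/metadata
@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: permit
+version: !ruby/object:Gem::Version
+version: 0.9.0
+platform: ruby
+authors:
+- Steve Valaitis
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-03-27 00:00:00 -05:00
+default_executable:
+dependencies: []
+
+description:
+email: steve@digitalnothing.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- README.mkd
+files:
+- .gitignore
+- .yardopts
+- MIT-LICENSE
+- README.mkd
+- Rakefile
+- VERSION.yml
+- generators/permit/USAGE
+- generators/permit/permit_generator.rb
+- generators/permit/templates/authorization.rb
+- generators/permit/templates/initializer.rb
+- generators/permit/templates/migration.rb
+- generators/permit/templates/role.rb
+- init.rb
+- install.rb
+- lib/models/association.rb
+- lib/models/authorizable.rb
+- lib/models/authorization.rb
+- lib/models/person.rb
+- lib/models/role.rb
+- lib/permit.rb
+- lib/permit/controller.rb
+- lib/permit/permit_rule.rb
+- lib/permit/permit_rules.rb
+- lib/permit/support.rb
+- permit.gemspec
+- rails/init.rb
+- spec/models/alternate_models_spec.rb
+- spec/models/authorizable_spec.rb
+- spec/models/authorization_spec.rb
+- spec/models/person_spec.rb
+- spec/models/role_spec.rb
+- spec/permit/controller_spec.rb
+- spec/permit/permit_rule_spec.rb
+- spec/permit/permit_rules_spec.rb
+- spec/permit_spec.rb
+- spec/spec_helper.rb
+- spec/support/helpers.rb
+- spec/support/models.rb
+- spec/support/permits_controller.rb
+- tasks/permit_tasks.rake
+- uninstall.rb
+has_rdoc: true
+homepage: http://github.com/dnd/permit
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: A flexible authorization plugin for Ruby on Rails.
+test_files:
+- spec/spec_helper.rb
+- spec/support/helpers.rb
+- spec/support/models.rb
+- spec/support/permits_controller.rb
+- spec/models/alternate_models_spec.rb
+- spec/models/person_spec.rb
+- spec/models/role_spec.rb
+- spec/models/authorizable_spec.rb
+- spec/models/authorization_spec.rb
+- spec/permit_spec.rb
+- spec/permit/permit_rules_spec.rb
+- spec/permit/controller_spec.rb
+- spec/permit/permit_rule_spec.rb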